KR20160019615A - Security apparatus based on whitelist and blacklist and method thereof - Google Patents
- Publication number
- KR20160019615A
- Authority
- KR
- South Korea
- Prior art keywords
- executable file
- whitelist
- execution
- list
- file
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/604—Tools and structures for managing or administering access control systems
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6209—Protecting access to data via a platform, e.g. using keys or access control rules to a single file or object, e.g. in a secure envelope, encrypted and accessed using a key, or with access control rules appended to the object itself
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/2141—Access rights, e.g. capability lists, access control lists, access tables, access matrices
Abstract
According to the present invention, in a security method based on a whitelist and a blacklist on a terminal device or system requiring security, execution of an executable file whose execution attempt is detected is controlled on the basis of a whitelist in which a list of executable files permitted to execute is registered. An executable file that is not registered in the whitelist is blocked and registered in a separate blacklist. Accordingly, even when the whitelist cannot be used, execution of executable files is controlled on the basis of the blacklist, so that execution of an executable file that may pose a risk to the terminal device or system can be effectively blocked, enabling more reliable security.
Description
BACKGROUND OF THE INVENTION 1. Field of the Invention The present invention relates to a whitelist-based malicious program blocking method, and more particularly to a whitelist- and blacklist-based security apparatus and method. In controlling the execution of executable files on a terminal device or system requiring security, execution is blocked for an executable file not registered in the whitelist, and that executable file is registered in a separate blacklist. When the whitelist cannot be used, execution of executable files is controlled on the basis of the blacklist, so that execution of an executable file that may be dangerous to the terminal device or system can be prevented, enabling more reliable security.
In recent years, with the development of wired/wireless communication technology and automation technology, unmanned systems such as software-controlled automation devices and cash dispensers have been increasing. Such an unmanned system is connected to a network as needed, so that its various operations can be controlled from a central server on the network without a separate operator to manage it.
However, since such an unmanned system is not directly managed or monitored by an administrator, security loopholes may arise, and if a malicious program such as a virus is executed through such a loophole and causes the software or operating system to malfunction, serious losses can result.
For example, an unmanned system such as a cash dispenser (ATM) is connected to a financial network to perform a variety of financial functions such as cash withdrawal, transfer of money, account book, etc. If data is modified by a virus or malicious program, the damage from malfunction of the software or operating system may be very large.
In general, a virus treatment program or the like is installed in an unmanned system, and security is performed by checking all or part of the system's file system periodically or at the user's choice. However, in an unmanned system that is not directly managed and in which even a single malfunction can cause a large loss, this approach to security management is problematic.
Conventionally, a whitelist-based method has been proposed that secures a system by preventing any operation other than the processes or operation privileges preset by an administrator from being performed in the system at all. However, such whitelist-based security still has a security problem when a malicious program is executed at a moment when the whitelist is temporarily not operating normally due to a system change or the like.
Therefore, the present invention provides a whitelist- and blacklist-based security apparatus and method in which, when controlling whether executable files run on a terminal device or system requiring security, execution of an executable file whose execution attempt is detected is decided on the basis of a whitelist in which a list of executable files permitted to execute is registered; an executable file not registered in the whitelist is blocked and registered in a separate blacklist; and an executable file whose execution is attempted while the whitelist is not available is controlled on the basis of the blacklist. Execution of an executable file that may pose a risk to the terminal device or system is thereby prevented even when the whitelist cannot be used, enabling more reliable security.
The present invention provides a security device based on a whitelist and a blacklist, which includes: an executable file detection unit for detecting whether there is an executable file whose execution is attempted on a terminal device or system requiring security; a blacklist generating unit for checking whether the executable file detected by the detection unit is a file existing in a whitelist and registering the executable file in a blacklist when it is not a file existing in the whitelist; and a security control unit for controlling execution of the executable file by referring to the whitelist or, if use of the whitelist becomes impossible, controlling execution of a new executable file detected by the detection unit after that point in time by referring to the blacklist.
The security control unit may check whether the executable file exists in the whitelist by referring to the whitelist if the whitelist is available, and block execution of the executable file if it does not exist in the whitelist.
If the whitelist is not available, the security control unit checks whether the new executable file exists in the blacklist, and blocks its execution if it exists in the blacklist.
The white list is a list of executable files registered in advance to be executable on the terminal device or the system.
The blacklist is a list of executable files that are not registered in the whitelist and whose execution was blocked after an execution attempt was detected on the terminal device or the system.
According to another aspect of the present invention, there is provided a security method based on a combination of a whitelist and a blacklist, comprising: detecting whether execution of an executable file is attempted on a terminal device or system requiring security; checking, if an execution attempt is detected, whether a whitelist for controlling execution of the executable file is available; checking whether the executable file is present in the whitelist if the whitelist is available; executing the executable file if it is present in the whitelist; and blocking execution of the executable file and registering it in the blacklist if it is not present in the whitelist.
The method may further comprise: checking whether the executable file is present in the blacklist if the check shows that the whitelist cannot be used; and blocking execution of the executable file if it is present in the blacklist.
According to the present invention, in a security method based on a whitelist and a blacklist on a terminal device or system requiring security, execution of an executable file whose execution attempt is detected is controlled on the basis of a whitelist in which a list of executable files permitted to execute is registered. An executable file that is not registered in the whitelist is blocked and registered in a separate blacklist. Accordingly, even when the whitelist cannot be used, execution of executable files is controlled on the basis of the blacklist, so that execution of an executable file that may pose a risk to the terminal device or system can be effectively blocked, enabling more reliable security.
FIG. 1 is a detailed block diagram of an automatic teller machine in an unattended system to which a security device based on a whitelist and a blacklist is applied according to an embodiment of the present invention.
FIG. 2 is a detailed block diagram of a security device according to an embodiment of the present invention.
FIG. 3 is a conceptual diagram of blacklist generation according to an embodiment of the present invention.
FIG. 4 is a flowchart illustrating an operation of performing security by using a combination of whitelist and blacklist functions in a security device of an unattended system according to an exemplary embodiment of the present invention.
Hereinafter, the operation principle of the present invention will be described in detail with reference to the accompanying drawings. In the following description of the present invention, detailed description of known functions and configurations incorporated herein will be omitted when it may make the subject matter of the present invention rather unclear. The following terms are defined in consideration of the functions of the present invention, and these may be changed according to the intention of the user, the operator, or the like. Therefore, the definition should be based on the contents throughout this specification.
FIG. 1 is a detailed block diagram of an automatic teller machine in an unmanned system to which a security device based on a whitelist and a blacklist is applied according to an embodiment of the present invention. In this embodiment, the security operation in the automatic teller machine of the unmanned system is described as an example for convenience of explanation, but the same can be applied to other unattended systems employing the security apparatus of the present invention.
Hereinafter, the operation of each component of the
First, the
The
The
The
The cash deposit /
The
The
The
The
In addition, according to the embodiment of the present invention, the
FIG. 2 shows a detailed block configuration of a security apparatus according to an exemplary embodiment of the present invention, and may include an executable
Hereinafter, operation of each component of the security device will be described in detail with reference to FIG.
First, the execution
The
At this time, the
The
That is, when the
At this time, the
On the other hand, if a system patch or the like is performed by an administrator who manages the terminal device or system requiring security, the whitelist may temporarily stop operating. For example, if the administrator intends to install a program that is not registered in the whitelist for system patching, the program is difficult to install while the whitelist is operating, so operation of the whitelist is temporarily stopped, and after the new program is installed, the executable file of the newly installed program can be registered in the whitelist.
In such a case, the
Accordingly, in the present invention, when the
That is, for example, the
Accordingly, according to the embodiment of the present invention, even if execution of an executable file is attempted in a state in which the whitelist cannot be used, execution is controlled on the basis of the blacklist, so that execution of dangerous executable files can be blocked and more reliable security can be realized.
FIG. 4 illustrates an operation control flow for performing security by using a combination of whitelist and blacklist functions in a security device of an unattended system according to an embodiment of the present invention. Hereinafter, the embodiment will be described in detail with reference to FIGS. 1 to 3.
First, the
If an executable file to be executed on a terminal device or a system requiring security is detected (S402), the
If it is determined that the
At this time, if it is determined that the corresponding executable file exists in the whitelist 208 (S408), the
However, if it is determined that the executable file does not exist in the
On the other hand, when the use of the
That is, if the
At this time, if it is determined that the corresponding executable file exists in the
However, if it is checked that the executable file does not exist in the
As described above, according to the present invention, in a security method based on a whitelist and a blacklist on a terminal device or system requiring security, execution of an executable file whose execution attempt is detected is controlled on the basis of a whitelist in which a list of executable files permitted to execute is registered. Execution of an executable file not registered in the whitelist is blocked, and the file is registered in a separate blacklist. Accordingly, even when the whitelist cannot be used, execution of executable files is controlled on the basis of the blacklist, so that execution of an executable file that may pose a risk to the terminal device or system can be effectively blocked, enabling more reliable security.
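The decision flow described above, as an added example in Python that is not code from the patent. Identifying executables by the SHA-256 of their content, the `SecurityControl` class, and all sample file names and contents are assumptions; the page's text for the case where the whitelist is unavailable and the file is not in the blacklist is cut off, so allowing execution in that case is also an assumption.

```python
import hashlib
from dataclasses import dataclass, field
from enum import Enum


class Verdict(Enum):
    ALLOW = "allow"
    BLOCK = "block"


def file_id(content: bytes) -> str:
    """Assumption: an executable is identified by the SHA-256 of its content."""
    return hashlib.sha256(content).hexdigest()


@dataclass
class SecurityControl:
    """Hypothetical stand-in for the security control and blacklist generation units."""
    whitelist: set = field(default_factory=set)
    blacklist: set = field(default_factory=set)
    whitelist_available: bool = True
    audit: list = field(default_factory=list)

    def on_execution_attempt(self, name: str, content: bytes) -> Verdict:
        fid = file_id(content)
        if self.whitelist_available:
            if fid in self.whitelist:
                verdict, reason = Verdict.ALLOW, "in whitelist"
            else:
                # Blocked files are remembered for periods without the whitelist.
                self.blacklist.add(fid)
                verdict, reason = Verdict.BLOCK, "not in whitelist; added to blacklist"
        elif fid in self.blacklist:
            verdict, reason = Verdict.BLOCK, "whitelist unavailable; in blacklist"
        else:
            # Assumption: the page's text for this branch is truncated.
            verdict, reason = Verdict.ALLOW, "whitelist unavailable; not in blacklist"
        self.audit.append((name, fid[:12], verdict.value, reason))
        return verdict


def run_scenario():
    """Replay a constructed maintenance window and return the verdicts."""
    atm_app = b"constructed: ATM application binary"
    unknown = b"constructed: unregistered binary"
    patch = b"constructed: vendor patch installer"

    ctl = SecurityControl(whitelist={file_id(atm_app)})
    results = [
        ctl.on_execution_attempt("atm_app.exe", atm_app),   # registered file
        ctl.on_execution_attempt("unknown.exe", unknown),   # blocked and blacklisted
    ]
    ctl.whitelist_available = False                         # whitelist stopped for patching
    results.append(ctl.on_execution_attempt("renamed.exe", unknown))  # same content, new name
    results.append(ctl.on_execution_attempt("patch.exe", patch))      # never seen before
    ctl.whitelist.add(file_id(patch))                       # register the new program
    ctl.whitelist_available = True
    results.append(ctl.on_execution_attempt("patch.exe", patch))
    return ctl, results


if __name__ == "__main__":
    controller, _ = run_scenario()
    for entry in controller.audit:
        print(entry)
```

The fourth attempt shows the limit of the fallback: while the whitelist is stopped, the blacklist covers only files whose execution was already blocked earlier, so a file never seen before is not stopped by it.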
While the invention has been shown and described with reference to certain preferred embodiments thereof, it will be understood by those skilled in the art that various changes and modifications may be made without departing from the spirit and scope of the invention. Accordingly, the scope of the invention should not be limited by the described embodiments but should be defined by the appended claims.
200: Execution file detection unit
202: Black list generation unit
204: Black list
206: Security control
208: White list
Claims (7)
A blacklist generator for checking whether the executable file detected by the executable file detector is a file existing in a whitelist and registering the executable file in a blacklist if the executable file is not a file existing in the whitelist,
A security control unit for controlling execution of the executable file by referring to the whitelist or, when use of the whitelist becomes impossible, controlling execution of a new executable file detected by the detection unit after the point in time at which the whitelist became unavailable by referring to the blacklist,
.
The security control unit includes:
Checks whether the executable file exists in the whitelist by referring to the whitelist when the whitelist is available, and blocks execution of the executable file when the executable file does not exist in the whitelist.
The security control unit includes:
If the whitelist cannot be used, checks whether the new executable file exists in the blacklist, and blocks its execution if it exists in the blacklist.
The white-
A list of executable files registered in advance so as to be executable on the terminal device or the system.
The blacklist includes:
A list of executable files that are not registered in the whitelist and whose execution attempts were blocked after being detected on the terminal device or the system.
Checking whether a white list for controlling execution of the executable file is available if the execution attempt is detected;
Checking whether the executable file is present in a whitelist if the whitelist is available;
Executing the executable file if the executable file is present in the whitelist;
Blocking the execution of the executable file and registering it in the black list if the executable file does not exist in the whitelist
Checking whether the executable file exists in the black list if the use of the whitelist is impossible;
Blocking execution of the executable file if the executable file is present in the blacklist
Further comprising the steps of:
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
KR1020140103871A KR20160019615A (en) | 2014-08-11 | 2014-08-11 | Security apparatus based on whitelist and blacklist and method thereof |
Publications (1)
Publication Number | Publication Date |
---|---|
KR20160019615A (en) | 2016-02-22 |
Family
ID=55445324
Country Status (1)
Country | Link |
---|---|
KR (1) | KR20160019615A (en) |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2018056601A1 (en) * | 2016-09-22 | 2018-03-29 | 주식회사 위드네트웍스 | Device and method for blocking ransomware using contents file access control |
WO2019212111A1 (en) * | 2018-04-30 | 2019-11-07 | 에스엠테크놀러지(주) | System and method for monitoring and controlling abnormal process, and recording medium for performing same method |
Citations (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
KR101169287B1 (en) | 2010-12-13 | 2012-08-02 | (주)휴빌론 | Mobile security system and control method thereof |
-
2014
- 2014-08-11 KR KR1020140103871A patent/KR20160019615A/en not_active Application Discontinuation
Cited By (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2018056601A1 (en) * | 2016-09-22 | 2018-03-29 | 주식회사 위드네트웍스 | Device and method for blocking ransomware using contents file access control |
KR20180032409A (en) * | 2016-09-22 | 2018-03-30 | 주식회사 위드네트웍스 | Apparatus and method for blocking ransome ware using access control to the contents file |
WO2019212111A1 (en) * | 2018-04-30 | 2019-11-07 | 에스엠테크놀러지(주) | System and method for monitoring and controlling abnormal process, and recording medium for performing same method |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
A201 | Request for examination | ||
E902 | Notification of reason for refusal | ||
E902 | Notification of reason for refusal | ||
E601 | Decision to refuse application |